Using C# to retrieve stack from bluescreen dump file

Question

I want to know if there is a way of using C# to open a Blue-screen crash dump + loading symbols, in order to retrieve the memory stack.

I know how to do it manually using the program windbg, So if there is a way to connect to Windbg using C# that might solve the problem as well.

Do anyone know how to extract the memory stack using C#, or to connect to Windbg using C#?

Thanks!

Windbg is using Windows System dll to extract the dump. So you can go to www.pinvoke.net to get the c# interfaces to the Windows dlls. You can do a search at pinvoke for debug. — jdweng, Oct 30 '16 at 08:14
You can always create a WinDbg [script file](https://msdn.microsoft.com/en-us/library/windows/hardware/ff560137(v=vs.85).aspx) and then use C# to create process with command line `windbg -cf myscript.txt -logo mylogfile.txt` and then analyze `mylogfile.txt` using your favorite C# method. — seva titov, Oct 30 '16 at 20:05
I would use the script option. The P/Invoke option is challenging for the debugger interfaces. — Steve Johnson, Oct 30 '16 at 23:17
Note that there are CorDbg and MDbg, where MDbg is written in C# (less powerpul than CorDbg) but they are both designed to debug managed code, not any crash dump. — Thomas Weller, Oct 31 '16 at 06:50

score 0 · Answer 1 · answered Oct 31 '16 at 07:11

I don't know any C# solution, but PyKd (Python) can do what you want. While I mainly use PyKd as a plugin for WinDbg,

It's a Python module and can be used in any Python script

so there's no need for WinDbg.

However, some commands may not work the same way as in WinDbg, e.g. dbgCommand() will attempt to run a command of the debugger, which is probably not possible if you work without WinDbg.

From your description, you'll need loadDump(), closeDump(), setSymbolPath() and setCurrentProcess(). There are classes for processes and threads and the sp (stack pointer) property may be helpful.

score 0 · Answer 2 · answered Oct 31 '16 at 12:50

0

If you want to go from scratch and use the dbgeng inerfaces in c# you may try ecpanding this code i put together

https://github.com/blabberer/chashdbg

answered Oct 31 '16 at 12:50

blabb

8,674
1
18
27

score 0 · Accepted Answer · answered Nov 01 '16 at 08:23

Thanks for your help, but i found a much easier way to use it... Since Windbg can be operated using cmd, it was pretty hard to find and understand the commands, but i managed to operate it using cmd.

After that it is possible to send cmd commands from C#, so i simply sent the command using C#, and wrote the results to file using Windbg's -logo command.

So by reading the file i could parse the results and extract the things that i want.

Thanks for all the help!

Using C# to retrieve stack from bluescreen dump file

3 Answers3